PDF malware analysis — malicious · 71337f75a80b86b3

MALICIOUS

PDF

47.6 KB Created: 2021-08-18 22:18:47 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-09-25

MD5: 0942d5be3bbf014f3ec63559ef42fe36 SHA-1: c3fed7a6e7d45e8185db4bf5818c1b64f951c42f SHA-256: 71337f75a80b86b339bfbb502106ebd6bae6a7f92a236474ff08d1508ddf5246

64 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The ClamAV heuristic identified this PDF as a phishing trojan. While the document body is unreadable due to encoding, the presence of an embedded URI pointing to a Google feedproxy URL suggests an attempt to redirect the user. The PDF structure itself is likely exploited to deliver this malicious link.

Machine Learning

Nyx PDF Classifier clean score 0.0806

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://feedproxy.google.com/~r/Uplcv/~3/ngfLrbzwjls/uplcv?utm_term=centroide+de+un+trapecio+rectangulo PDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.